Demo environment for the AWS Database Blog post: Connecting .NET Lambda to Aurora PostgreSQL via RDS Proxy
⚠️ IMPORTANT: This code is for demonstration purposes only and is NOT intended for production use. This repository contains sample code to illustrate concepts discussed in the blog post. For production deployments, additional security hardening, error handling, monitoring, and architectural considerations are required.
This repository contains infrastructure-as-code and sample application code demonstrating how to connect a .NET Lambda function to Aurora PostgreSQL using RDS Proxy for connection pooling and IAM authentication.
DBBLOG-4126-CFN.yaml- CloudFormation template for provisioning the demo environmentFunction.cs- Sample C# Lambda function code demonstrating the connection pattern
The CloudFormation template provisions:
- Aurora PostgreSQL Cluster - Serverless v2 or provisioned database cluster
- RDS Proxy - Connection pooling and IAM authentication layer
- EC2 Instance - Bastion host for database access and testing
- VPC Configuration - Subnets, security groups, and networking
- IAM Roles & Policies - Permissions for Lambda and RDS Proxy
- AWS Account with appropriate permissions
- AWS CLI configured
- .NET SDK (for Lambda function development)
aws cloudformation create-stack \
--stack-name aurora-rds-proxy-demo \
--template-body file://DBBLOG-4126-CFN.yaml \
--capabilities CAPABILITY_NAMED_IAM \
--parameters ParameterKey=WinAdminPassword,ParameterValue='YourP@ssw0rd!'aws cloudformation wait stack-create-complete \
--stack-name aurora-rds-proxy-demoAfter deployment, retrieve important connection details:
aws cloudformation describe-stacks \
--stack-name aurora-rds-proxy-demo \
--query 'Stacks[0].Outputs'Key outputs include:
- RDS Proxy endpoint
- Aurora cluster endpoint
- EC2 instance ID
- Security group IDs
- Connect to the EC2 bastion host
- Test database connectivity through RDS Proxy
- Follow the instructions in the blog to deploy the Lambda function in the provisioned Windows EC2 instance.
- Invoke the Lambda function to verify end-to-end connectivity to Aurora PostgreSQL through RDS Proxy.
Delete the stack when finished:
aws cloudformation delete-stack \
--stack-name aurora-rds-proxy-demo- Database credentials are stored in AWS Secrets Manager
- IAM authentication is used for Lambda-to-RDS Proxy connections
- Security groups restrict access to necessary ports only
- All resources are deployed in private subnets (except bastion)
This is a demo environment. To minimize costs:
- Use Aurora Serverless v2 with appropriate scaling configuration
- Delete the stack when not in use
- Consider using smaller EC2 instance types
This sample code is made available under the MIT-0 license. See the LICENSE file.
Contributions are welcome! Please open an issue or submit a pull request.